{"id":18565044,"url":"https://github.com/greenbone/greenbone-scap","last_synced_at":"2025-05-15T18:35:09.290Z","repository":{"id":228781728,"uuid":"774446436","full_name":"greenbone/greenbone-scap","owner":"greenbone","description":"Python library for CVE and CPE Infomation","archived":false,"fork":false,"pushed_at":"2024-04-15T06:11:41.000Z","size":241,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-04-17T16:11:17.114Z","etag":null,"topics":["cpe","cve","greenbone","nist","nvd","openvas","python","scap"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/greenbone.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-03-19T15:07:48.000Z","updated_at":"2024-04-22T07:36:44.397Z","dependencies_parsed_at":"2024-03-25T07:51:09.914Z","dependency_job_id":"1e99b82e-5970-47b3-801e-6b1d9b6dad52","html_url":"https://github.com/greenbone/greenbone-scap","commit_stats":null,"previous_names":["greenbone/greenbone-scap"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fgreenbone-scap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fgreenbone-scap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fgreenbone-scap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fgreenbone-scap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/greenbone","download_url":"https://codeload.github.com/greenbone/greenbone-scap/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239293948,"owners_count":19615043,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cpe","cve","greenbone","nist","nvd","openvas","python","scap"],"created_at":"2024-11-06T22:17:29.287Z","updated_at":"2025-02-17T13:15:00.619Z","avatar_url":"https://github.com/greenbone.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Greenbone Logo](https://www.greenbone.net/wp-content/uploads/gb_new-logo_horizontal_rgb_small.png)\n\n# greenbone-scap - Python library for downloading CVE and CPE from NIST NVD  \u003c!-- omit in toc --\u003e\n\n[![GitHub releases](https://img.shields.io/github/release/greenbone/greenbone-scap.svg)](https://github.com/greenbone/greenbone-scap/releases)\n[![PyPI release](https://img.shields.io/pypi/v/greenbone-scap.svg)](https://pypi.org/project/greenbone-scap/)\n[![codecov](https://codecov.io/github/greenbone/greenbone-scap/graph/badge.svg?token=wsPeLRsMJI)](https://codecov.io/github/greenbone/greenbone-scap)\n[![Build and test](https://github.com/greenbone/greenbone-scap/actions/workflows/ci-python.yml/badge.svg)](https://github.com/greenbone/greenbone-scap/actions/workflows/ci-python.yml)\n\nThe **greenbone-scap** Python package is a collection of utilities and tools to\ndownload the CPE and CVE information from the [NIST NVD REST API](https://nvd.nist.gov/developers)\ninto a PostgreSQL database.\n\n## Table of Contents \u003c!-- omit in toc --\u003e\n\n- [Installation](#installation)\n  - [Requirements](#requirements)\n  - [Install using pipx](#install-using-pipx)\n  - [Install using pip](#install-using-pip)\n- [Usage](#usage)\n- [Docker Compose](#docker-compose)\n- [Command Completion](#command-completion)\n  - [Setup for bash](#setup-for-bash)\n  - [Setup for zsh](#setup-for-zsh)\n- [Development](#development)\n- [Maintainer](#maintainer)\n- [Contributing](#contributing)\n- [License](#license)\n\n## Installation\n\n### Requirements\n\nPython 3.11 and later is supported.\n\n### Install using pipx\n\nYou can install the latest stable release of **greenbone-scap** from the [Python\nPackage Index (pypi)][pypi] using [pipx]\n\n    python3 -m pipx install greenbone-scap\n\n### Install using pip\n\n\u003e [!NOTE]\n\u003e The `pip install` command does no longer work out-of-the-box in newer\n\u003e distributions like Ubuntu 23.04 because of [PEP 668](https://peps.python.org/pep-0668).\n\u003e Please use the [installation via pipx](#install-using-pipx) instead.\n\nYou can install the latest stable release of **greenbone-scap** from the [Python\nPackage Index (pypi)][pypi] using [pip]\n\n    python3 -m pip install --user greenbone-scap\n\n## Usage\n\nThe **greenbone-scap** Python package provides three tools,\n\n* `greenbone-cve-download` to download all CVE information from NIST NVD into\n  a PostgreSQL database,\n* `greenbone-cpe-download` to download all CPE information from NIST NVD into a\n  PostgreSQL database and\n* `greenbone-cpe-find` to search for specific CPEs in the PostgreSQL database.\n\nAll three tools require to setup a PostgreSQL database to work correctly. The\nparameters for the PostgreSQL database like host, port, username and password\ncan be set via environment variables or passed as CLI arguments.\n\n## Docker Compose\n\nThe tools are easiest to use via the provided [docker compose](https://docs.docker.com/compose/)\n[file](./docker/compose.yml). For a quick setup the following commands can be\nused:\n\n```sh\ncd docker\necho \"DATABASE_PASSWORD=my-super-safe-password\" \u003e .env\ndocker compose up\n```\n\nAdditionally a [NIST API key](https://nvd.nist.gov/developers/request-an-api-key)\ncan be used to extend the rate limits for the download.\n\n```sh\necho \"NVD_API_KEY=my-nist-api-key\" \u003e\u003e .env\n```\n\nOn the first startup all CPE and CVE information will be downloaded. This will\ntake some hours depending on your network connection and the server reliability\nat NIST. On the next startup only the changed and new CPEs and CVEs since the\nprevious startup are updated or created.\n\nTo only download CPEs run `docker compose up cpe` and to only download CVEs\n`docker compose up cve`.\n\nTo re-download and re-update all CPE and CVE information the data volume can be\ndeleted by running `docker volume rm greenbone-scap_data`.\n\nTo restart from scratch all containers have to be shutdown and the volumes have\nto be removed. This can be done by running `docker compose down -v`.\n\nThe PostgreSQL database can be accessed from the docker host via\n`psql -U scap -h localhost -p 5432 scap` and using the defined database password\nfrom the `.env` file.\n\n## Command Completion\n\n`greenbone-scap` comes with support for command line completion in bash and zsh.\nAll greenbone-scap CLI commands support shell completion. As examples the\nfollowing sections explain how to set up the completion for `greenbone-cve-download`\nwith bash and zsh.\n\n### Setup for bash\n\n```bash\necho \"source ~/.greenbone-cve-download-complete.bash\" \u003e\u003e ~/.bashrc\ngreenbone-cve-download --print-completion bash \u003e ~/.greenbone-cve-download-complete.bash\n```\n\nAlternatively, you can use the result of the completion command directly with\nthe eval function of your bash shell:\n\n```bash\neval \"$(greenbone-cve-download --print-completion bash)\"\n```\n\n### Setup for zsh\n\n```zsh\necho 'fpath=(\"$HOME/.zsh.d\" $fpath)' \u003e\u003e ~/.zsh\nmkdir -p ~/.zsh.d/\ngreenbone-cve-download --print-completion zsh \u003e ~/.zsh.d/_greenbone_cve_download\n```\n\nAlternatively, you can use the result of the completion command directly with\nthe eval function of your zsh shell:\n\n```bash\neval \"$(greenbone-cve-download --print-completion zsh)\"\n```\n\n## Development\n\n**greenbone-scap** uses [poetry] for its own dependency management and build\nprocess.\n\nFirst install poetry via [pipx]\n\n    python3 -m pipx install poetry\n\nAfterwards run\n\n    poetry install\n\nin the checkout directory of **greenbone-scap** (the directory containing the\n`pyproject.toml` file) to install all dependencies including the packages only\nrequired for development.\n\nAfterwards activate the git hooks for auto-formatting and linting via\n[autohooks].\n\n    poetry run autohooks activate\n\nValidate the activated git hooks by running\n\n    poetry run autohooks check\n\n\n## Maintainer\n\nThis project is maintained by [Greenbone AG][Greenbone]\n\n## Contributing\n\nYour contributions are highly appreciated. Please\n[create a pull request](https://github.com/greenbone/greenbone-scap/pulls)\non GitHub. Bigger changes need to be discussed with the development team via the\n[issues section at GitHub](https://github.com/greenbone/greenbone-scap/issues)\nfirst.\n\n## License\n\nCopyright (C) 2024 [Greenbone AG][Greenbone]\n\nLicensed under the [GNU General Public License v3.0 or later](LICENSE).\n\n[Greenbone]: https://www.greenbone.net/\n[poetry]: https://python-poetry.org/\n[pip]: https://pip.pypa.io/\n[pipx]: https://pypa.github.io/pipx/\n[autohooks]: https://github.com/greenbone/autohooks\n[pypi]: https://pypi.org\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgreenbone%2Fgreenbone-scap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgreenbone%2Fgreenbone-scap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgreenbone%2Fgreenbone-scap/lists"}